NEW QUESTION 300 A security operations team was alerted to abnormal DNS activity coming from a user’s machine. The team performed a forensic investigation and discovered a host had been compromised. Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecure public Internet site. Which of the following BEST describes the attack?

NEW QUESTION 200 A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?

A. Someone has logged on to the sinkhole and is using the device. B. The sinkhole has begun blocking suspect or malicious traffic. C. The sinkhole has begun rerouting unauthorized traffic. D. Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.